💬 Reply by pid_eins

2024-12-03 ┃ edited ┃ RE: pid_eins

It will even optionally convert your DER certificate into the ESL format EFI SB expects.

Or in other words: running a self-enrolled system has become a lot more automatic now. If you focus on building images for VMs it might make a lot of sense to make self-enrolled systems a thing, and thus ensure that your VMs only run your code and nothing else, locking them down substantially.

And that's it for today.

pid_eins

https://mastodon.social/@pid_eins/113587917662484775

💬 Replies

2024-12-03 Conan_Kudo ┃ 1💬

@pid_eins Can this be used in an "append-only" way? That is, without wiping out existing enrolled keys?

2024-12-03 Man2Dev ┃ 1💬

@pid_eins Can this be done with containers as well?

────

View parent post

View first post in thread

View thread

────

📡 Local feed

🏕️ Communities

🔥 Hashtags

🔎 Search posts

🔑 Sign in

📊 Status

🛟 Help